v0.1.0 - Camera Rental API: Core Catalog & Inventory

What is this?

A production-style REST API for a camera rental business, built with
Spring Boot 3, Spring Security (JWT), and PostgreSQL. Designed as an
architecture showcase — not just CRUD, but real-world business rules,
lifecycle management, and query optimization.

Features

Authentication & Authorization

• JWT-based auth with sign-in, sign-up, and sign-out (token blacklisting)
• Role-based access control: ADMIN, VENDOR, CUSTOMER
• Login rate limiting (Redis-backed with in-memory fallback)
• Origin-check filter for CSRF protection on mutation endpoints

Camera Catalog

• Full CRUD for camera models (brand, specs, sensor format, lens mount, etc.)
• Paginated listing with search (case-insensitive across brand and model name)
• Sort-field whitelisting to prevent arbitrary column access
• Soft-delete via PATCH /deactivate (recommended) with includeInactive filter
• Hard-delete gated by business rules — blocked if physical units still exist

Three-Tier Inventory System

• Camera → pure catalog record (specs, category)
• InventoryItem → links a camera to rental pricing (1:1 with Camera)
• PhysicalUnit → individual serial-numbered units on the shelf (many:1 with InventoryItem)
• Real-time totalUnits and availableUnits computed from physical unit status
• Unit lifecycle tracking: condition (NEW → POOR) and status (AVAILABLE, RENTED, MAINTENANCE, RETIRED)

Business Hours

• Weekly schedule management (CRUD by day of week)
• Case-insensitive day lookup (/monday, /MONDAY, /Monday all work)
• Public read access, admin-only writes

API Design & Error Handling

• Global exception handling with structured JSON responses
• Specific HTTP status codes: 400 (validation), 403 (authz), 404 (not found), 409 (conflict), 500 (unexpected)
• Bean Validation on all request DTOs
• Centralized path constants and pagination defaults

Performance

• N+1 query prevention via @EntityGraph and batched JPQL aggregates
• Manual DTO mapping on hot paths to avoid ModelMapper proxy traversal
• Documented query plans in service-layer Javadoc

Tech Stack

• Java 21, Spring Boot 3, Spring Security 6
• PostgreSQL 16 + Spring Data JPA / Hibernate 6
• Redis (rate limiting, JWT blacklist)
• Docker Compose for local infrastructure
• JUnit 5 + Mockito (unit tests) + Testcontainers (integration tests)

Test Coverage

• Unit tests: Service layer (Camera, Inventory, PhysicalUnit, BusinessHours),
  PaginationHelper utility, security components (JWT, filters, UserDetailsService)
• Integration tests: Full HTTP stack for all controllers via MockMvc +
  PostgreSQL Testcontainers

What's Next (Roadmap)

• Rental/reservation system (state machine: PENDING → ACTIVE → RETURNED/OVERDUE)
• Availability query endpoint
• Pricing rules (late fees, weekly discounts)
• Admin endpoint for user role management
• Swagger UI documentation
• README with architecture diagram